cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Power Participant
Power Participant

Row Level Security question

I currently use Row Level Security at the Team level.    Meaning, we have salespeople, and I have created manual "groups"  (teams) and put each sales person in the team they belong to.    The manual group is created from the Salesperson field that exist on each table  (such as Orders table, Shipping table, etc).  

 

We have a situation where some salespeople might move from one team to another.   My idea is to create a new "group" and call it Previous Team or something.   Then assign the salesperson into that team.   

 

So, effectively one salesperson would then be tied to two different teams and we could track the orders associated with the salesperson during their tenure with each team.  

 

My question is:   Can RLS use two different groups?   Something like    [Team1] = "Direct Sales"  &&  [Team2] = Indirect Sales

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

hi @texmexdragon - the security in the role you are creating should be 

[Salesperson Team] = "Authorized Resller" ||  [ [Salesperson Team] = "Business Development" - as in the user should have access to Authorized Reseller OR Business development; you had previously set it up as an AND condition. 

 

Please mark the post as a solution and provide a 👍 if my comment helped with solving your issue. Thanks!

View solution in original post

8 REPLIES 8
Highlighted
Solution Sage
Solution Sage

@texmexdragon 

If I have understood the ProblemStatement Properly, you can create multiple Roles and assign to different groups.

 

Highlighted
Memorable Member
Memorable Member

@texmexdragon Yes, you can great different groups and assign users in those group. You can refer to below link for further details on RLS in powerbi

 

https://radacad.com/tag/row-level-security

https://blog.enterprisedna.co/scale-your-power-bi-reporting-with-row-level-security/

 

Highlighted
Memorable Member
Memorable Member

hi @texmexdragon - I would recommend a cleaner approach by creating a security table in your data model which will have the mapping the Sales Rep and the Branch or Revenue stream that they will have access to - then you can create a single security role which you can assign all Users to.

 

Ensure that this security table is setup as a bridge between your FACT and Location table - if you are applying RLS by location. Then as Sales Rep moves from one Branch to another you will only have to maintan the Security table rather than managing the users within each role.

Location RLS.png

 

You can refer to the link for more detailed steps on implementing the same: 

https://key2consulting.com/how-to-setup-row-level-security-rls-in-microsoft-power-bi/

 

Please mark the post as a solution and provide a 👍 if my comment helped with solving your issue. Thanks!

Highlighted
Microsoft
Microsoft

Hi, @texmexdragon

 

It’s my pleasure to answer for you.

If you only create a role on the desktop to filter the people in your table who compound two conditions at the same time, like: [Team1] = "Direct Sales" && [Team2] = Indirect Sales, it is possible, but when you publish it to the service Later, the added role must also be a group or a member that meets both conditions.

 

If it doesn’t meet your requirements ,could you please share more details and share some sample data?

 

Best Regards

Janey Guo

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Highlighted

Here is my RLS scenario: 

 

I have a few managers that need to see salespeople in the two groups below.    The "authorized reseller" team by itself works perfectly fine in the RLS environment.     My hope was that I could just add the additional team (business development) by just adding && and the other team name.    So something like:  [Salesperson Team] = "Authorized Resller" &&  [ [Salesperson Team] = "Business Development".    This does not work and ends up making everything disappear.  

 

Is there a way to do this?

 

texmexdragon_1-1601439802017.png

 

texmexdragon_0-1601439697261.png

 

Highlighted

Hi, @texmexdragon 

 

According to your description, if you want to create one role to meet two conditions in one column, it is obviously not enough.

You can create two roles and filter separately in the same column, then add the corresponding groups to the two roles on the Power BI service.

Like this:

v-janeyg-msft_0-1601443896625.png

 

If you have other questions, please feel free to ask me.

 

Best Regards

Janey Guo

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Highlighted

hi @texmexdragon - the security in the role you are creating should be 

[Salesperson Team] = "Authorized Resller" ||  [ [Salesperson Team] = "Business Development" - as in the user should have access to Authorized Reseller OR Business development; you had previously set it up as an AND condition. 

 

Please mark the post as a solution and provide a 👍 if my comment helped with solving your issue. Thanks!

View solution in original post

Highlighted

Thanks Everyone   @Sumanth_23   and  @v-janeyg-msft   

 

Sumanth's solution was the easiest and ultimately what I needed but thanks to Jane as well...I might be able to use that idea in the near future.  

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

Community Conference

Microsoft Power Platform Communities

Check out the Winners!

secondImage

Create an end-to-end data and analytics solution

Learn how Power BI works with the latest Azure data and analytics innovations at the digital event with Microsoft CEO Satya Nadella.

Top Solution Authors
Top Kudoed Authors